IPSec-ESP: Encapsulating Security Payload for IP Security Suite
GENERAL DESCRIPTION
LancsNet IPsec-ESP Engine is designed to provide hardware acceleration of the ESP packet processing required to implement in IPSec compliant devices. The design offers straightforward for offloading ESP packet processing to hardware up to 25.6 Gbps while high-level protocols such as connection establishment/management, SA, Key exchange are run on embedded CPU. The core follows strictly recommendations from IETF RFC 4303/RFC 4301 and has been extensively tested in association with our products.
KEY FEATURES
Features
-
-
-
-
- IPSec Bandwith up to 25.6 Gbps**
- Support IETF RFC 4303/RFC 4301
- AXI-Stream compatible
- Supports all three ESP security service types: Confidentiality only, Integrity only, Confidentiality and Integrity
- Support IPv4 or IPv6 applications
- IPsec ESP Transport or Tunnel mode operation
- Support for combined mode algorithms: AES-CCM (RFC 4309) and AES-GCM (RFC 5288)
- Automatic ESP padding generation and checking.
- Supports Traffic Flow Confidentiality padding generation.
- Extended Sequence Number support for IKEv2 (RFC 5996) compatibility
-
-
-
** IPsec-ESP with fully-pipelined AES-GCM on Virtex7 XC7VX550T
Configurability
-
-
-
- Tunable pipeline stages
- May be supplied with any combination of ESP encryption and authentication algorithms.
- Selectable ESP security services: Confidentiality only, Integrity only, Confidentiality and Integrity
- Bandwidth adjustable (for tradeoff in the area)
-
-
Technology Agnostic
-
-
-
- VHDL source code available, designed and tested for FPGA* and ASIC
-
-
* In production with customers
Example Implementation – LancsNet IPSec-ESP Engine
| Family | Part |
Fmax (MHz) |
LUT | LUTRAM | FF | BRAM | DSP | IP Config |
| Artix7 | XC7A200T | 125.9 | 17K | 1 | 6K | 9 | 0 | IPSec tunnel mode, AES-GCM 128, 14 round |
| Kintex7 | XC7K325T | 178.6 | 17K | 1 | 6K | 9 | 0 | IPSec tunnel mode, AES-GCM 128, 14 round |
| Virtex7 | XC7VX550T | 201.7 | 17K | 1 | 6K | 9 | 0 | IPSec tunnel mode, AES-GCM 128, 14 round |
| Artix7 | XC7A200T | 125.9 | 19K | 1 | 7K | 9 | 0 | IPSec tunnel mode, AES-GCM 192, 14 round |
| Kintex7 | XC7K325T | 178.6 | 19K | 1 | 7K | 9 | 0 | IPSec tunnel mode, AES-GCM 192, 14 round |
| Virtex7 | XC7VX550T | 201.7 | 19K | 1 | 7K | 9 | 0 | IPSec tunnel mode, AES-GCM 192, 14 round |
| Artix7 | XC7A200T | 125.9 | 20K | 2 | 8K | 9 | 0 | IPSec tunnel mode, AES-GCM 256, 14 round |
| Kintex7 | XC7K325T | 178.6 | 20K | 2 | 8K | 9 | 0 | IPSec tunnel mode, AES-GCM 256, 14 round |
| Virtex7 | XC7VX550T | 201.7 | 20K | 2 | 8K | 9 | 0 | IPSec tunnel mode, AES-GCM 256, 14 round |
APPLICATIONS
IPsec hardware accelerators, security gateway, cloud computing, data center, edge router, edge networking for IoT data aggregation.
An example application of the IPSec-ESP IP adopted for datacenter acceleration using SmartNIC
DELIVERABLES
The IP core and the simulation testbench are provided with extensive documentation and technical support from our technical teams. By default, the encrypted format IP core is provided, full source code is available for interested partners/developers under a specific agreement
FOR DEMO ON HARDWARE AND SIMULATION
Contact us sales@lancsnet.com
PRICING AND FURTHER INFORMATION
Request for quote & datasheet at sales@lancsnet.com
Recent Comments